Authentication mechanisms for IoT system based on distributed MQTT brokers: Review and challenges

Hassan Kurdi*, Vijey Thayananthan

*Corresponding author for this work

Research output: Contribution to journalConference articlepeer-review

2 Citations (Scopus)
16 Downloads (Pure)


With the rapid growth of internet connected devices and the tremendous amount of data that could be generated and exchanged in IoT environment, we need to reconsider in the current IoT architecture that based on Cloud computing system, to avoid the issues related to performance and scalability. Message Queue Telemetry Transport (MQTT) is one of promising protocol for data exchange in IoT that could encounter such issues because it relies on central broker located in Cloud, and this may lead to increase network congestion, performance overhead or bottleneck. Therefore, we need to leverage Fog computing by developing a distributed architecture for MQTT that contain multiple brokers. In this case, IoT services can be coordinated and managed between Fog computing and Cloud computing. However, this will open new security challenges for several reasons. Firstly, security procedures need to be modified because MQTT that based on distributed architecture require additional multiple brokers and different communication standards that may increase security threats and increase security management complexity. Secondly, MQTT is inherently lacking efficient security features because it performs username/password-based authentication in a plain text, that protected by cryptographic protocol SSL/TSL which is not consider as lightweight protocol for resources constrained devices. This paper will present taxonomy and realization process of IoT authentication scheme. In addition, the paper will discuss challenges of applying authentication mechanisms for IoT systems that based on distributed MQTT brokers.

Original languageEnglish
Pages (from-to)132-139
Number of pages8
JournalProcedia Computer Science
Publication statusPublished - 3 Dec 2021
Externally publishedYes
Event18th International Learning and Technology Conference 2021 - Virtual, Online, Saudi Arabia
Duration: 28 Jan 202128 Jan 2021
Conference number: 18th


  • Authentication
  • Distributed architecture
  • Fog computing
  • Internet of things (IoT)
  • MQTT
  • Security


Dive into the research topics of 'Authentication mechanisms for IoT system based on distributed MQTT brokers: Review and challenges'. Together they form a unique fingerprint.

Cite this